Home | Docs | Forums | Lists | Bugs | Planet | Store | GMN | Get Gentoo!
| Bug#: 234812 (CVE-2008-3534) | Product: Gentoo Security | Version: unspecified | Platform: All |
| OS/Version: Linux | Status: ASSIGNED | Severity: normal | Priority: P2 |
| Resolution: | Assigned To: security@gentoo.org | Reported By: rbu@gentoo.org | |
| Component: Kernel | |||
| URL: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=14fcc23fdc78e9d32372553ccf21758a9bd56fa1 | |||
| Summary: Linux <2.6.26.1 tmpfs: fix kernel BUG in shmem_delete_inode (CVE-2008-3534) | |||
| Keywords: | |||
| Status Whiteboard: [linux <2.6.25.14] [linux >=2.6.26 <2.6.26.1] | |||
| Opened: 2008-08-15 12:47 0000 | |||
| Description: | Opened: 2008-08-15 12:47 0000 |
CVE-2008-3534 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3534): The shmem_delete_inode function in mm/shmem.c in the tmpfs implementation in the Linux kernel before 2.6.26.1 allows local users to cause a denial of service (system crash) via a certain sequence of file create, remove, and overwrite operations, as demonstrated by the insserv program, related to allocation of "useless pages" and improper maintenance of the i_blocks count.
Fixed in 2.6.25.14 and 2.6.26.1
Beware, the patch introduced an independent bug which was subsequently fixed in 2.6.25.17 and 2.6.26.4 respectively: "fbdefio: add set_page_dirty handler to deferred IO FB" http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=d847471d063663b9f36927d265c66a270c0cfaab Anyhow, hardened-kernel unaffected at present time. Removing alias. PS: genpatches-2.6.25-10 added 2.6.25.14. genpatches-2.6.25-3 added 2.6.26.1.